Windows 2012 R2 Certification Authority installation guide

This step-by-step guide explains how to install and configure a public key infrastructure based on:
Windows 2012 R2 Server Core offline Root CA
Windows 2012 R2 domain controller
Windows 2012 R2 Standard edition Subordinate Enterprise CA server

Offline Root CA OS installation phase

Boot the server using the Windows 2012 R2 bootable DVD.
From the installation options, choose Windows Server 2012 R2 Standard (Server Core Installation), click Next.
Accept the license agreement, click Next.
Choose the "Custom: Install Windows Only (Advanced)" installation type, specify the hard drive to install the operating system on, click Next.
Allow the installation phase to continue and restart the server automatically.
To log in to the server for the first time, press CTRL+ALT+DELETE, choose the Administrator account, click OK to replace the account password, specify a complex password and confirm it, press Enter, press OK.
From the command prompt window, run the command below:

    sconfig

Press 2 to replace the computer name, specify the new computer name, click Yes to restart the server.
To log in to the server, press CTRL+ALT+DELETE and specify the Administrator account credentials.
From the command prompt window, run the command below:

    sconfig

Press 5 to configure Windows Update Settings, select A for automatic, click OK.
Press 6 to download and install Windows Updates, choose A to search for all updates, choose A to download and install all updates, click Yes to restart the server.
To log in to the server, press CTRL+ALT+DELETE and specify the Administrator account credentials.
From the command prompt window, run the command below:

    sconfig

In case you need to use RDP to access and manage the server, press 7 to enable Remote Desktop, choose E to enable, choose either 1 or 2 according to your client settings, press OK.
Press 8 to configure Network settings, select the network adapter by its Index number, press 1 to configure the IP settings, choose S for static IP address, specify the IP address, subnet mask and default gateway, press 2 to configure the DNS servers, click OK, press 4 to return to the main menu.
Press 9 to configure Date and Time, choose the correct date/time and time zone, click OK.
Press 1…, then Yes to restart the server.
To log in to the server, press CTRL+ALT+DELETE and specify the Administrator account credentials.
From the command prompt window, run the command below:

    powershell

Run the commands below to enable remote management of the Root CA:

    Enable-NetFirewallRule -DisplayGroup "Remote Service Management"

Note: The above command should be written on a single line.

    Enable-NetFirewallRule -DisplayGroup "Remote Desktop"

Offline Root CA Certificate Authority server installation phase

To log in to the server, press CTRL+ALT+DELETE and specify the Administrator account credentials.
From the command prompt window, run the command below:

    powershell

Run the command below to create the CA policy file:

    notepad c:\windows\capolicy.inf

Specify the following data inside the capolicy.inf file:

    [Version]
    Signature="$Windows NT$"
    [Certsrv_Server]
    RenewalKeyLength=409…
    RenewalValidityPeriod=Years
    RenewalValidityPeriodUnits=20
    CRLPeriod=Weeks
    CRLPeriodUnits=2…
    CRLDeltaPeriod=Days
    CRLDeltaPeriodUnits=0
    LoadDefaultTemplates=0
    AlternateSignatureAlgorithm=1
    [PolicyStatementExtension]
    Policies=LegalPolicy
    [LegalPolicy]
    OID=1…
    Notice="Legal Policy Statement"
    URL=http://www/CertEnroll/cps.asp

Run the commands below to install the Certification Authority role using PowerShell:

    Import-Module ServerManager
    Add-WindowsFeature ADCS-Cert-Authority -IncludeManagementTools

Note: The above command should be written on a single line.
Run the command below to install the Root CA:

    Install-AdcsCertificationAuthority -CAType StandaloneRootCA -KeyLength 4… -HashAlgorithmName SHA2… -ValidityPeriod Years -ValidityPeriodUnits 20 -CACommonName <CAServerName> -CryptoProviderName "RSA#Microsoft Software Key Storage Provider"

Note 1: The above command should be written on a single line.
Note 2: Replace CAServerName with the Root CA NetBIOS name.
Run the command below to remove all default CRL Distribution Points (CDP):

    $crllist = Get-CACrlDistributionPoint; foreach ($crl in $crllist) {Remove-CACrlDistributionPoint $crl.Uri -Force};

Note: The above command should be written on a single line.
Run the commands below to configure the new CRL Distribution Points (CDP):

    Add-CACRLDistributionPoint -Uri C:\Windows\System32\CertSrv\CertEnroll\%3%8.crl -PublishToServer -Force

Note: The above command should be written on a single line.

    Add-CACRLDistributionPoint -Uri http://www/CertEnroll/%3%8.crl -AddToCertificateCDP -Force

Note: The above command should be written on a single line.
Run the command below to remove all default Authority Information Access (AIA) entries:

    $aialist = Get-CAAuthorityInformationAccess; foreach ($aia in $aialist) {Remove-CAAuthorityInformationAccess $aia.Uri -Force};

Note: The above command should be written on a single line.
Run the command below to configure the new Authority Information Access (AIA) entry:

    Add-CAAuthorityInformationAccess -AddToCertificateAia -Uri http://www/CertEnroll/%1_%3.crt

Note: The above command should be written on a single line.
Run the commands below to configure the Root CA settings:

    certutil.exe -setreg CA\CRLPeriodUnits 2…
    certutil.exe -setreg CA\CRLPeriod "Weeks"
    certutil.exe -setreg CA\CRLDeltaPeriodUnits 0
    certutil.exe -setreg CA\CRLDeltaPeriod "Days"
    certutil.exe -setreg CA\CRLOverlapPeriodUnits 12
    certutil.exe -setreg CA\CRLOverlapPeriod "Hours"
    certutil.exe -setreg CA\ValidityPeriodUnits 20
    certutil.exe -setreg CA\ValidityPeriod "Years"
    certutil.exe -setreg CA\KeySize 409…
    certutil.exe -setreg CA\AuditFilter 1…

Run the commands below from the command line to configure the Offline Root CA to publish in Active Directory:

    certutil.exe -setreg CA\DSConfigDN "CN=Configuration,DC=mycompany,DC=com"

Note 1: The above command should be written on a single line.
Note 2: Replace DC=mycompany,DC=com according to your domain name.

    certutil.exe -setreg CA\DSDomainDN "DC=mycompany,DC=com"

Note: Replace DC=mycompany,DC=com according to your domain name.
Run the command below to restart the CertSvc service:

    Restart-Service certsvc

Run the command below to publish new CRLs:

    certutil.exe -CRL

Enterprise Subordinate CA OS installation phase

Pre-requirements:
Active Directory forest functional level: Windows 2012 R2
Add an A record for the Root CA to the Active Directory DNS.

Boot the server using the Windows 2012 R2 bootable DVD.
From the installation options, choose Windows Server 2012 R2 Standard (Server with a GUI), click Next.
Accept the license agreement, click Next.
Choose the "Custom: Install Windows Only (Advanced)" installation type, specify the hard drive to install the operating system on, click Next.
Allow the installation phase to continue and restart the server automatically.
To log in to the server for the first time, press CTRL+ALT+DELETE, choose the Administrator account, click OK to replace the account password, specify a complex password and confirm it, press Enter, press OK.
From the Welcome to Server Manager page, click on "Configure this local server", replace the computer name, restart the server.
From the Welcome to Server Manager page, click on "Configure this local server", click on Ethernet, right-click the network interface, choose Properties, configure a static IP address.
Enable Remote Desktop.
From the command prompt window, run the command below:

    powershell

Run the commands below to enable remote management of the Root CA:

    Enable-NetFirewallRule -DisplayGroup "Remote Desktop"

Enterprise Subordinate CA Certificate Authority server installation phase

Pre-requirements:
DNS CNAME record named www for the Enterprise Subordinate CA.
Make sure the clocks of the Offline Root CA and the Subordinate CA are synchronized.

To log in to the server, press CTRL+ALT+DELETE and specify the credentials of an account that is a member of Schema Admins, Enterprise Admins and Domain Admins.
Copy the files below from the Offline Root CA server to a temporary folder on the Subordinate CA:

    C:\Windows\System32\CertSrv\CertEnroll\…
    C:\Windows\System32\CertSrv\CertEnroll\…